Security News > 2021 > January > Why cybersecurity audits are essential for risk management
Find out what your company could risk by not getting cybersecurity audits.
Steven Wertheim, president of SonMax Consultants, in his CPA Journal article "Auditing for Cybersecurity Risk," makes a strong case that auditing should be a part of every cybersecurity defense program.
Inadequate understanding of the risks: Wertheim is concerned that those in charge of a company's cybersecurity are neither cognizant of the organization's level of cybersecurity risk nor aware of where critical business-related data is stored.
Lack of audit involvement: As a proponent of auditing, Wertheim firmly believes the only way to develop a clear picture of the risk is to hire an independent auditing firm.
Update the understanding of risks: Auditing risk is not a one-time effort; it needs to occur on a regular basis and focus on identifying all risks and then deciding which are the most critical.